Java Web Services Security with 10.1.2.1

Similar Messages

• Web Service Security with SAML - Invalid XML signature

  Hello together,
  we want to build a scenario where we want to use Web Service Security  with SAML.
  The scenario will be
  WS Client (Java Application) -> WS Adapter -> Integration Engine ->  WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
  SAP PI release is 7.11 (SP Level 4)
  We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
  The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
  But we get following error at calling the CRM system when we want to communicate with SAML:
    <E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
  Has somebody an idea of the possible reason for the error.
  Thanks in advance
  Stefan

  Error Messages in the Trace/Log Viewer:
  CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
  A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48  with internal error id 1001  and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1  ).
  Invalid XML signature

• Web service security with active directory

  Hi,
  i want to protect my webservice by using active directory for authentication.
  (i am using jdeveloper 10.1.3.1 and bundled OC4J)
  i follow the document web service developer guide (section External LDAP Security Providers) and set up the LDAP security provider...
  in the OC4J web admin security page...i have press the 'test ldap authorization'
  button to CONFIRM the ldap connection is correctly set.
  but when i call the web service, deployed in that OC4J container,
  operation fail with the following message :
  javax.xml.rpc.soap.SOAPFaultException: UnsupportedCallbackException: oracle.security.jazn.callback.IdentityCallback@19f410 not available to gather authentication information from the user
  at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:568)
  at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:396)
  at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:112)
  at test.proxy.ws1.runtime.MyWebService1SoapHttp_Stub.getUserNameYY(MyWebService1SoapHttp_Stub.java:134)
  at test.proxy.ws1.MyWebService1SoapHttpPortClient.getUserNameYY(MyWebService1SoapHttpPortClient.java:50)
  at test.proxy.ws1.MyWebService1SoapHttpPortClient.main(MyWebService1SoapHttpPortClient.java:33)
  could anybody help me?
  thank you very much

  actually i use the default setting provided by oracle's configuration
  wizard for active directory
  User:
  LDAP User Name Attribute: sAMAccountName
  LDAP User Object Class : inetOrgPersion
  User Search Scope: subtree
  User Search Base: dc=xxx, dc=com
  Groups:
  LDAP Group Name Attribute: cn
  LDAP Group Object Class: group
  LDAP Group Member Attribute: member
  Group Search Scope: subtree
  Group Membership Search Scope: direct
  Group Search Base: dc=xxx, dc=com
  using the same user, user searchbase, i can search the AD using other
  tools.
  could anybody help me ?
  thank yous.

• Web service security with mutiple certificates

  Is it possible to secure a web service on OC4J such that multiple clients can securely access the same web service. I have been trying to send messages to the same web service end point using multiple signature keys. The problem that I am getting is that if I do not use the signature key specified within OC4J to sign the message I am receiving the following error "javax.xml.rpc.soap.SOAPFaultException: Chain does not terminate with a trusted CA". Note all the certificates are present in the configure OC4J keystore.
  Can anyone point me in the direction of some documentation on how to configure a web service to be securely accessed by multiple clients (certificates)
  Cheers
  Neil

  Here is an example where we have two keystores, Bob and Alice.
  Bob's Keystore:
  Entry Alias: alice (Trusted Certificate) >>> No password
  Entry Alias: bob (Key Pair + CA Certs) >>> password welcome1
  Alice's Keystore:
  Entry Alias: bob (Trusted Certificate) >>> No password
  Entry Alias: Alice (Key Pair + CA Certs) >>> password welcome1
  In our scheme each party on the end of the message exchange have two key-pairs one for signature and one of encryption:
  In the Oracle Web Service.xml you should see something to the effect:
  <key-store name="mykeystore" store-pass="welcome1"
  path="META-INF/bob.jks"/>
  <signature-key key-pass="welcome1" alias="bob"/>
  <encryption-key key-pass="welcome1" alias="bob"/>
  Later in this XML, you would see the encrypt element, here we let it know to use alice for XML Encryption:
  <encrypt>
  <recipient-key alias="alice"/>
  <encryption-method>AES-128</encryption-method>
  <tbe-elements>
  <tbe-element local-part="Body"
  name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
  </tbe-elements>
  </encrypt>
  The default behavior is to only work with one client. If you need to work with multiple, then we have a means here:
  http://download-west.oracle.com/docs/cd/B31017_01/web.1013/b28976/adminasc.htm#BABFFICH

• Web Service security with Apache Axis. 403 forbidden error

  Hello.
  I have to invoke a Web Service method via https. To achieve that, I have correctly added the server certificate to my truststore.
  When I invoke the method, I obtain this error:
  AxisFault
  faultCode: {http://xml.apache.org/axis/}HTTP
  faultSubcode:
  faultString: (403)Forbidden
  This is because the server requests me for a client certificate.
  I have the certificate, but I don't know how to use it in the java client.
  Does anybody know how to do that? Any kind of help will be very useful.
  Thank you very much in advance.
  NOTE: If I write the url of the web service in a web browser, the server requests me for a client cert. When I chose the appropiate certficate, the web browser shows me this message from the web service: "Hello, this is a Web Service"

  Finally my problem has been solved.
  I added the necesary properties to the system and everything went well.
  This is the code:
  String trustStore = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
  String keyStore = System.getProperty("java.home") + "/lib/security/keystorePKCS12".replace('/', File.separatorChar);
  String tspasswd = "myTrustStorePassword";
  String kspasswd = "myKeyStorePassword";
  System.setProperty("javax.net.ssl.trustStore", trustStore);
  System.setProperty("javax.net.ssl.trustStorePassword", tspasswd );
  System.setProperty("javax.net.ssl.keyStore", keyStore);
  System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
  System.setProperty("javax.net.ssl.keyStorePassword", kspasswd );It's necesary to say that my keystore is PKCS12 type, and it stores only one pkcs certificate.
  Note that is also posible to set these system properties in the Tomcat start script.

• Exception obtained when invoking a web service generated with JDeveloper

  Hello,
  I tried to create a synchronous BPEL process that invokes synchronously a Java Web Service created with the JDeveloper. The web service is wrapped around a regular Java class. The new created BPEL process is successfully compiled and deployed on the server. But when I try to initiate a test instance of the process in the BPEL console, after I fill the input parameter for then process and push the "Post XML Message" button, I obtain the following error:
  Your test request generated the following exception/fault:
  BPEL Fault: {http://oracle.com/cde/util/Top300DAO.wsdl}org.apache.wsif.soap.fault{org.apache.wsif.soap.fault.object=java.net.ConnectException: Connection refused: connect}
  I looked at flow and it throws the exception when it tries to invokes the web service generated with JDeveloper.
  Do you have any hints, ideas? Thanks a lot in advance for your help.
  I want to also say that the proxy settings for the BPEL server and designer are filled. I think that they are ok because I succeeded to start an instance of another process that calls synchronously an external Web Service.
  Regards,
  Marinel

  My guess is that this is caused by the WSDL of your service having an invalid service address. Can you please take a look at the WSDL of your service make sure that the location of the address is valid? (we have seen a couple of instances in the past where the generated url did not have the right port information).
  Update that WSDL, restart the BPEL server or from the BPEL console clear the WSDL cache and re-initiate your flow.
  Best,
  Edwin

• Working with Web Service Security

  Hi... forum
  I really need your help.
  I created a web service client. with JDEV 10.1.3, when i crearted a function call i got this error
  javax.xml.rpc.soap.SOAPFaultException: SoapException
  at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:540)
  at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:390)
  at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:111)
  at com.ws.runtime.POSSoap_Stub.comprar(POSSoap_Stub.java:659)
  at com.ws.POSSoapClient.comprar(POSSoapClient.java:55)
  at com.ws.POSSoapClient.main(POSSoapClient.java:40)
  I debug the application and then get down in this line:
  send((String) getProperty(ENDPOINT_ADDRESS_PROPERTY), _state);
  i also using web Secure Proxy
  and i have another methor called ping and this work fine, but one method that needs webservice security doesn´t work.
  some body has work with Webservice Security ?
  How can i view the message that is sending ?
  i don´t know what´s happenning ?
  Can help me, please?
  thnks
  Josue

  HI Frank, thank you for your help...
  I run the HTTP analyzer and see the error.. the usernametoken doesn´t was put it...
  My proxy i put it like secure proxy and i check the option username token. but the service. doesn´t put me this tag.
  this the message send it.
  <?xml version = '1.0' encoding = 'UTF-8'?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="urn:schemas-orbitel-com-co:pos">
  <env:Body>
  <ns0:SolicitudCompra>
  <ns0:IdTransaccion>123</ns0:IdTransaccion>
  <ns0:TipoTarjeta>Orbitel Europa</ns0:TipoTarjeta>
  <ns0:Localizacion>Colombia</ns0:Localizacion>
  <ns0:Valor>0</ns0:Valor>
  <ns0:ZonaHoraria>0</ns0:ZonaHoraria>
  </ns0:SolicitudCompra>
  </env:Body>
  </env:Envelope>
  And the error message is..:
  <soap:Fault>
  <faultcode>soap:Server</faultcode>
  <faultstring>SoapException</faultstring>
  <faultactor>urn:schemas-orbitel-com-co:pos</faultactor>
  <detail>
  <Error xmlns="urn:schemas-orbitel-com-co:pos">
  <Codigo>POS006</Codigo>
  <Descripcion>El UsernameToken no fue suministrado</Descripcion>
  </Error>
  </detail>
  </soap:Fault>
  Frank, what can i do. to put the usernametoken into the send message.. ?
  thnks four your help...
  thnks.
  Joshua

• SOAP Request with Web Service Security

  Hi masters of XI,
  the Oasis standard for web services security saids that exists three levels of security for web services, at higher level is Encryption, middle level is signature and at lower level is authentication with username and password inside the soap envelope.
  I need to do a SOAP Request signed with a X.509 certificate and username and password too in SAP PI 7.0 SP11. I can sign the request with X.509 certificate without problems but i can't authenticate the request with username and password in usernametoken element like saids the Oasis standard
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  How can we send UserNameToken's elements inside SOAP web service envelope
  signing with X.509 certificate also? There are any way to do it in the
  receiver agreement or receiver SOAP adapter?
  thanks.

  Hi,
  thank you very much for your answers.
  I have solved the SSL comunication and i can sign with X.509 certificates. My problem is that in the SOAP envelope of resquest signed only travels the X.509 certificate and I need to send the username security token (wsse:UsernameToken) also.
  <wsse:Security>
  <wsse:UsernameToken>
  <wsse:Username>XXXX</wsse:Username>
  <wsse:Password>XXXXXXXXX</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  I can't find the solution to do it. The Netweaver documentation says that Netweaver is able to sign SOAP request with X.509 certificates and is able too for using UsernameToken as part of Oasis standard for web service security. In abap stack of NW you can assign a security profile to a web service call for signing the message or authenticate it with username/password inside SOAP envelope, but in java stack of XI i think that there is no way to do it.
  This is my Request:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>     
        <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>
  And this is the request I need:
  <?xml version="1.0" encoding="utf-8"?>
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-71968700">MIIHdTCCBl2gAwIBAgIQOq4nmg5zi4NGsIGjPUZVuTANBgkqhkiG9w0BAQUFADCCAT4xCzAJBgNVBAYTAkVTMTswOQYDVQQKEzJBZ...8d4pAJYk=</wsse:BinarySecurityToken>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-104376803">
          <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#id-104309952">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>R6WE9gs+l496jHCgslgALWswEnE=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference URI="#Timestamp-104310599">
              <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <ds:DigestValue>aiCTZ0WwiZQEv8zVmmf8GLu/bYA=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>YR9Q5oUA6kFFmPYOIOQPTOgTgapMbkmgdlDM/TZJ2CS8ENAntfsnmpEbpUgOPUVMkgaECog0OKvlADHP0HvJtPdm2NJljZNCCgrk3hlmmtkXkRauVuH5KRiHE5NeWT4+Uspp3ashebu0IuOO66zt4Q=</ds:SignatureValue>
          <ds:KeyInfo Id="KeyId-104377209">
            <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-104377346">
              <wsse:Reference URI="#CertId-71968700" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>
  <!-- THIS IS THE PART I NEED -->
  <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-104312926">
          <wsse:Username>xxxxxxx</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
        </wsse:UsernameToken>
  <!--  -->
  <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-104310599">
          <wsu:Created>2008-01-16T21:28:44.081Z</wsu:Created>
          <wsu:Expires>2008-01-16T21:33:44.081Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>

• Issue with Web Service Security

  Dear Forum Members and Readers,
  I am a beginner to Web Services, and facing an issue with WS-Security.
  My issue seemingly is quite specific to my projects though, It will be great if you can provide me your views.
  Context Description:
  I am developing a Java Web Service application that is deployed on JBoss Application Server.
  This application will communicate with two other applications those are not deployed in same JBoss Application Server.
  These 2 applications are third party applications, one is C++ based web services and other is Java based web services.
  My application gives a call to Third Party Application1 and receives the response back form it. It then passes this received response to Third Party Application 2.
  Issue Description:
  I now need to enable https paradigm among these 3 applications. (I need to implement web service security model here)
  I started with looking in to JBoss specific WS-Security but found it not suitable in my case, as it requires to configure both the client and server. I have the control over my application but not on other 2 third party applications.
  To this extent, I am unable to identify a solution that can address my issue.
  Can anybody please provide me with initial thoughts or any reference material that might help me to give this a start.
  Any clue will be highly appreciated!
  Thanks in advance
  Mukul

  mukul.object wrote:
  Actually, my SOAP messages contains some critical information that needs to be encrypted.You think that its critical information however your third party doesn't. If they would have had same thought they would have enabled the security. As I said earlier, you will have to discuss this with them.
  Another solution (however I don't know the viability in your case) could be to deploy one component before each third party service. Your web service will call this new component (Which is installed in their environment i.e. local to third party web service) and new component will forward the request to third party service. Now you can apply security/encryption/decryption between your web service and your component.
  I have had a look in to XMLEncrytion using that I can encrypt my SOAP messages but I wonder how would other tools decrypt that.My above comments answers this.
  Is there anyway I can encrypt my SOAP messages (without having to customize third party tools) in this scenario ??My above comments answers this.

• Security-role for java web services developed using j-developer 10.1.2.1

  I have developed a java web service using j-developer 10.1.2.1, I have deployed this web service to oracle 10g (10.1.2.1) application server successfully. Now I want to add security-role to my web service deployment descriptor so that only a group of users that belong to a group can access my web service.
  How can I do this? Can any one please let me know.
  Thanks,
  SC.

  Hi.
  I suspect you have a proxy server between your localhost and the
  drive-app1.drivesoftwaresolutions.com
  Probably in Jdev that proxy is setup nicely in Tools->Preferences->Web Browser and Proxy
  But maybe your OC4J container running BPEL on localhost does not have that proxy setup.
  You need to add startup parameters to the JVM. In 10.1.3 you can do this via the "AS Control" administration pages (there is a link on the SOA suite welcome page). Go to JVM, click on the container and switch to the "Administration" tab.
  The properties are proxySet, proxyHost, proxyPort and nonProxyHosts
  When deploying from JDev, the compilation in JDev works fine (uses the proxy). But when the JAR is transferred to the server, it is compiled again. This fails because the proxy is not used on the server side and it cannot read the wsdl.

• Seeking advice with concept / design of a Java Web Services Application

  Hi all,
  After a week of searching the internet I'm not sure how which projects, services, etc. I should use to develop my application. Please could someone offer some advice?
  Application outline (Java application running on Linux):
  1. Wait for an instruction from a Windows WCF application. Instruction contains a list of domain names and one or two other parameters.
  2. Perform queries upon those domain names (find if they are registered, etc. - takes 10-20 mins to do complete list)
  3. Send back results to WCF application.
  Solution 1 (first idea):
  1. Create SOAP web service using Java Web Services / Apache to listen for requests. Executes a Java Client Application upon request.
  2. Java Client Application performs the queries...
  3. Java Client Application sends results to the Windows web service.
  Solution 1 Problems:
  a) Using 2 applications, they won't be able to share the same memory.
  b) The whole process will be slow (having to pass the domain names from the service to application and execute the application each time) - A quick response is critical.
  c) Would like is for the whole process to be done under one application, sharing the same memory.
  Solution 2:
  1. Create a Java Daemon from scratch listening for an incoming SOAP message (no web service like Apache/Tomcat involved).
  2. Query the domain names in a new thread inside the Java Daemon
  3. Send the results back via SOAP.
  Solution 2 Problems:
  Cannot find examples of how to create a SOAP service from scratch. E.g. creating a WSDL file based on my application; converting application methods to SOAP-callable methods easily (without writing a framework).
  With all the Java tools and projects out there - Java EE, Glassfish Project - there must be a very easy way to achieve this seemingly simple task. Please can someone offer some advice?
  Many thanks for reading this.
  Richard
  Edited by: jazzinbrazil on Mar 30, 2009 4:58 AM

  You just need an app server like Tomcat.If I'm not wrong, Tomcat is a Servlet container.
  Servlets aren't deactivated when they don't receive
  any request for some time?
  How can I deploy an application to Tomcat in order to
  keep it always active?I don't know what you mean. Tomcat is an application that is always running. In what way are the Servlets deactivated?
  Apache Axis: http://ws.apache.org/axis/
  Yes I'm collecting some info about this... let's see
  it!
  Finally, to be more clearer... I don't want to start
  a new application at each invocation (something like
  getting the request, instantiating the necessary
  classes and executing them) but to call an already
  running app at each invocation (so, getting request
  and invoking, in a manner that I don't know, the
  running application).The container manages this. If you have data that must remain loaded, you can associate it with the class (use a static modifier.) This will complicate threading, however.
  I can use Axis to get the request, but it also grants
  me that my app will always be active?I think you are just using the wrong terminology here. What I think you are asking is whether the resources will be loded into memory at all times. If you want to ensure this behavior, you need to associate the data with a class. I'm not 100% positive, but I don't think Tomcat will unload classes in normal circumstances.

• Java web service with php SOAP client

  Hi!
  I have a Java web service with a procedure, which connects to a database:
  public boolean connectDB(String driver,String host, String user, String password)
  try {
  Class.forName(driver);
  connection =
  DriverManager.getConnection
  host
  , user
  , password
  return true;
  } catch (Exception v_exception) {
  System.out.println("connectDB(): " + v_exception);
  return false;
  If I call it from a PHP client, it doesn't work but doesn't throw any exceptions on the server side.
  The way I call it:
  $client = new SoapClient
  (<path>);
  try
  $conn=$client->connectDB();
  catch (SoapFault $exception)
  echo "\nexception: " .$exception;
  On the client side, I have an exception, but it's not very detailed:
  exception: Object id #2
  I had a simple function, too, which returns a string:
  public String getTestString()
  return "test";
  and if I call it from PHP, it's working...
  What may be the problem?

  Neither the simple "setter" methods work.. :(
  The php client side:
  $string="aladar";
  $client->setSample($string);
  $return = $client->getSample();
  The server side:
  public String sample;
  public String getSample() {
  return sample;
  public void setSample(String a_sample) {
  sample = a_sample;
  Any ideas?

• Consuming Java Web Service with complex return types

  Hi,
  I'm consuming a Java Web Service and the return I get in
  ColdFusion is a typed Java Object (with custom Java classes like
  com.company.project.JavaClass ...)
  Within this object I don't get direct accessible properties
  as when I'm consuming ColdFusion Web Services, instead I get a
  getPROPERTYNAME and setPROPERTYNAME method for each property.
  How can I handle this? I don't want to call this methods for
  each property (and there are nested objects with arrays of custom
  classes below, which would really make this complicated).
  What's the best way to cope up with this?
  Thanks a lot,
  Fritz

  The web service is actually the function, not the cfc and you
  didn't show a function.
  My own opinion is that since webservices by definition should
  be available to any calling app (cold fusion, .net, flash, etc),
  whatever gets returned from the method should be as universally
  recognizable as possible. This generally means text, numbers,
  boolean, or xml.

• Java web start security dialog with Java 7 update 51

  I build a Java Web Start application signed with a valid certificate.
  When I star the application the security dialog appear correctly as show in this figure
  http://www.java.com/en/img/download/trusted_signed.jpg
  My issue is about the "do not show again" checkbox.
  If the attributes href are present in the jnlp tag of the jnlp file the checkbox appear.
  If the attribute are not present, the checkbox doesn't appear and the run needs to be confirmed every time.
  (Example:
  <jnlp spec="1.0+" codebase=
  "http://docs.oracle.com/javase/tutorialJWS/samples/deployment/webstart_ComponentArch_DynamicTreeDemo"
  href="dynamictree_webstart.jnlp">
  This is a problem because my jnlp file is under a password protected directory and if href is specifed, the Java Web Start application try to retrieve it as the other resources. ( result in access denied because only the browser session is authenticated and the run fails)
  The documentation at Deploying a Java Web Start Application said:
  The codebase and href attributes are optional when deploying Java Web Start applications that will run on at least the Java SE 6 update 18 release or later. You must specify the codebase and href attributes when deploying Java Web Start applications that will run with previous releases of the Java Runtime Environment software.
  What is the right code? With href or without?
  Is this a BUG or a feature?
  How can I show the "don't show again" checkbox without having to specify the href attribute?

  From the documentation at JAR File Manifest Attributes for Security
  If the Application-Library-Allowable-Codebase attribute is present and matches the location from which the RIA is started, then a single host is listed in the Location field for the prompt and the option to hide future prompts is provided.
  This issue is also discussed here: Java Web Start security dialogs with Java 7 update 51 - Stack Overflow

• [OSB Kernel:398133]The service is based on WSDL with Web Services Security

  Team,
  I need to use the wsdl given by external client. When I create a osb business service, I am receiving the below error.
  OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button.     ...
  WSDL:
  http://personator.melissadata.net/v3/SOAP/ContactVerify
  We don't have OWSM set up. Is there any workaround that I can use to connect to this service for OSB?

  As a workaround, you can try to remove the Policy definition and reference from the copy you will import in OSB.
  I would recommend to add OWSM to your domain. It's a straight forward process.
  Regards,
  Fabio.